6.1
CVE-2017-1000236
- EPSS 0.24%
- Published 17.11.2017 04:29:00
- Last modified 05.12.2025 20:16:25
- Source cve@mitre.org
I, Librarian version <=4.6 & 4.7 is vulnerable to Reflected Cross-Site Scripting in the temp.php resulting in an attacker being able to inject malicious client side scripting which will be executed in the browser of users if they visit the manipulated site.
Data provided by the National Vulnerability Database (NVD)
Scilico ≫ I, Librarian Version <= 4.6
Scilico ≫ I, Librarian Version 4.7
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.24% | 0.445 |
| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.1 | 2.8 | 2.7 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
| nvd@nist.gov | 4.3 | 8.6 | 2.9 | AV:N/AC:M/Au:N/C:N/I:P/A:N |
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.